US 6954770 B1

Abstract

A random number generator comprising an oscillator with an output signal dependent upon a random source, a sampling device to sample the output signal from the oscillator to obtain a sampled oscillator output, and a fixed frequency clock driven linear feedback shift register (LFSR) communicatively coupled to the sampling device via a digital gate to receive the sampled oscillator output, and to provide a random number at an output of the LFSR. Additionally, the random number generator may comprise an optional mixing function communicatively coupled to the LFSR to read the random number, and to insert the random number into an algorithm to obtain a robust random number.

Claims (20)

1. An apparatus comprising:
an oscillator with an output signal dependent upon a random source, the oscillator comprising at least two inverters;
a sampling device to sample the output signal from the oscillator to obtain a sampled oscillator output; and
a fixed frequency clock driven linear feedback shift register (LFSR) communicatively coupled to the sampling device via a digital gate to receive the sampled oscillator output, and to provide a random number at an output of the LFSR.
2. An apparatus as in
a processor communicatively coupled to the LFSR to read the random number, and to insert the random number into an algorithm to obtain a robust random number.
3. An apparatus as in
4. An apparatus as in
5. An apparatus as in
6. An apparatus as in
7. An apparatus as in
8. An apparatus as in
9. An apparatus as in
10. A method comprising:
generating random binary bits;
sampling and latching the generated random binary bits;
inserting the generated random binary bits into a fixed frequency clock driven linear feedback shift register (LFSR) via a digital gate to generate a random number;
duplicating the generated random number at least once;
concatenating the duplicated random numbers; and
inserting the generated random number into an algorithm to obtain a robust random number.
11. A method as in
12. A method as in
13. An apparatus comprising:
a plurality of random oscillators each generating a random binary output signal, that includes at least a first oscillator and a second oscillator;
a plurality of sampling devices including at least a first sampling device and a second sampling device, wherein the first sampling device samples the output from the first oscillator and the second sampling device samples the output from the second oscillator; and
a fixed frequency clock driven linear feedback shift register (LFSR) that receives the sampled binary output signal from the first sampling device and the second sampled device to generate a random number.
14. An apparatus as in
15. An apparatus as in
16. An apparatus as in
17. An apparatus as in
18. An apparatus as in
19. An apparatus as in
20. An apparatus as in

Description

1. Field of the Invention

The present invention is related to the field of semiconductor circuits. In particular, the present invention is related to an apparatus for generating random numbers.

2. Description of the Related Art

Random number generation is critical to cryptographic systems. Symmetric ciphers such as the Data Encryption Standard (DES) require a randomly selected encryption key. Public-key algorithms like RSA, Diffie-Hellman, and DSA require randomly generated key pairs. Furthermore, the Secure Sockets Layer (SSL) and other cryptographic protocols use random challenges in the authentication process to foil attacks. Because of the widespread use of random numbers in cryptography, a random number generator must be robust enough so that even if the design of the random number generator is known, the random number generated by the random number generator cannot be predicted.

Typically, a random number generator comprises an entropy generator to generate a seed that is then input into a mixing function (e.g., SHA-1, MD5, etc.). However, a large number of random number generators actually utilize a deterministic process, i.e., a process whose outcome is predictable, to generate an output from an initial seed. This is true in the case of most software embodiments of random number generators. Such random number generators (also called pseudo random number generators) can be easily compromised, particularly if the seed of the pseudo random number generator can be predicted. Therefore, a seed generated by a true random number generator is essential for the proper functioning of a pseudo random number generator.

A true random number generator (RNG) uses a non-deterministic source, such as thermal or shot noise associated with a resistor, atmospheric noise, nuclear decay, or some such unpredictable natural process to generate a seed.

Some random number generators use a natural process, i.e., the thermal or shot noise present when electrons flow through a resistor, to generate a seed. However, the RNGs of these circuits use analog circuitry that may include at least an operational amplifier and a voltage control oscillator to generate the seed. The use of analog circuits in the design of a RNG makes production of the RNG difficult. For example, due to the high voltage gain needed to amplify the thermal or shot noise, the output of the operational amplifier could become permanently saturated, rendering the RNG useless.

Other RNGs use a low frequency clocked circuit to sample the output of a linear feedback shift register (LFSR), wherein the LFSR is driven by a higher frequency free running ring oscillator with a random variation in the frequency to generate random numbers. Due to the use of a low frequency clocked circuit to sample a higher frequency free running oscillator to generate random numbers, a failure of the free running oscillator is difficult to detect (i.e., one needs to monitor the output of the LFSR to determine if a predictable pattern is present). Moreover, RNGs that employ this design usually do not scale well, as it is not obvious how to increase the amount of entropy, i.e., the random binary bits generated.

Examples of the present invention are illustrated in the accompanying drawings. The accompanying drawings, however, do not limit the scope of the present invention. Similar references in the drawings indicate similar elements.

Described is a random number generator that comprises an entropy generator and a mixing function. In one embodiment, the entropy generator generates random binary bits (entropy bits) that may be used as a random number. In alternate embodiments, the entropy bits output from the entropy generator may be used as a seed in a mixing function to generate a robust random number.
The entropy generator described herein may be used with any mixing function, and the mixing function described may be used with any entropy generator.

In the following description numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known architectures, steps, and techniques have not been shown to avoid obscuring the present invention.

In addition, it should be understood that the embodiments described herein are not related or limited to any particular hardware technology. Rather, the embodiments described may be constructed using various technologies (e.g., bipolar technology, complementary metal-oxide-semiconductor (CMOS) technology, etc.) in accordance with the teachings described herein. Similarly, it may prove advantageous to construct a specialized apparatus to perform the teachings described herein by way of discrete components, or by way of an integrated circuit that uses one or more integrated circuit die that may be interconnected. Lastly, repeated usage of the phrase “in one embodiment” does not necessarily refer to the same embodiment, although it may.

In one embodiment, the output of each oscillator in the set of oscillators is coupled to a corresponding sampling device LFSR

In one embodiment, a polynomial (e.g., polynomial x

In one embodiment, in order to generate a 64 bit random number, a RNG with 64 oscillators

In the LFSR

While in one embodiment three inverters are used in the design of each oscillator

Each differential amplifier oscillator is designed to have a large jitter caused by the noise in the semiconductor junctions of the inverters. Therefore, physically small transistors are used in the design of the differential amplifiers.
Due to the small physical size of the transistors, less power is consumed and the amount of jitter at the oscillator output increases.

Returning to

In one embodiment, the output from each shift register element

Thus, it should be understood that the connection of the sampling devices

In alternate embodiments, two or more LFSRs may be cascaded to generate entropy bits that are input into the mixing function via bus

As can be seen, the entropy generator

In one embodiment, the mixing function is implemented using a modified SHA-1 algorithm. (A detailed specification of the SHA-1 algorithm may be found at the U.S. Department of Commerce's Federal Information Processing Standards Publication (FIPS) 180-1). In

After processing the 512-bit number through the SHA-1 algorithm, (e.g., using function logic

Prior to obtaining the robust random number

In one embodiment, since the buffer that originally contained the {H

For subsequent robust random number calculations, all or part of the previous robust random number obtained (i.e., the hash result

Thus a method and apparatus have been disclosed for generating a random number. While there has been illustrated and described what are presently considered to be example embodiments of the present invention, it will be understood by those skilled in the art that various other modifications may be made, and equivalents may be substituted, without departing from the true scope of the invention. Additionally, many modifications may be made to adapt a particular situation to the teachings of the present invention without departing from the central inventive concept described herein. Therefore, it is intended that the present invention not be limited to the particular embodiments disclosed, but that the invention include all embodiments falling within the scope of the appended claims.
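
The following software model is an added example, not part of the patent: it follows the data flow of claim 10 (sampled bits gated into a fixed-clock LFSR, the result duplicated, concatenated and hashed) and adds a health check on the raw sampled bits. The XOR gate, the tap positions, the eight-fold duplication to fill a 512-bit block, the use of unmodified SHA-1 and all function names are assumptions of the example.

```python
import hashlib
import secrets

WIDTH = 64
MASK = (1 << WIDTH) - 1
# Assumed tap positions (bit indices); the patent's own polynomial is not reproduced here.
TAPS = (63, 62, 60, 59)

def lfsr_step(state, sampled_bit):
    """One tick of the fixed-frequency clock: the sampled oscillator bit is
    XORed (the assumed 'digital gate') into the LFSR feedback."""
    fb = sampled_bit & 1
    for t in TAPS:
        fb ^= (state >> t) & 1
    return ((state << 1) | fb) & MASK

def entropy_word(sample_bit, ticks=256, state=1):
    """Clock the LFSR `ticks` times, pulling one sampled bit per tick."""
    for _ in range(ticks):
        state = lfsr_step(state, sample_bit())
    return state

def mix(word, copies=8):
    """Duplicate the 64-bit word, concatenate to 512 bits, hash with SHA-1."""
    block = word.to_bytes(WIDTH // 8, "big") * copies
    return hashlib.sha1(block).digest()

def source_is_stuck(sample_bit, n=64):
    """Health check on the raw sampled bits, before the LFSR whitens them."""
    return len({sample_bit() for _ in range(n)}) == 1

def noisy_source():   # constructed stand-in for a jittery oscillator behind a latch
    return secrets.randbits(1)

def stuck_source():   # constructed failure case: oscillator output frozen at 0
    return 0

if __name__ == "__main__":
    for name, src in (("noisy", noisy_source), ("stuck", stuck_source)):
        w = entropy_word(src)
        print(f"{name}: stuck={source_is_stuck(src)} lfsr={w:016x} out={mix(w).hex()}")
```

With the stuck source the LFSR word is nonzero and is hashed as usual, yet it repeats exactly on every run, so only the check on the raw samples reveals the failure.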